Passer au contenu principal
Commencer une nouvelle conversation

Non résolu

P

PseudoAuHasard

1 Rookie

 • 

3  messages

6

24 juin 2024 15:23

S3148 : Add a CA certificate

Hi,

I m trying to up a CA certificate but it does not works.

S3148#crypto ca-cert install tftp://10.0.x.xx/CAcert.pem
Loading CA certificate PEM-formatted file... % Error: CA Certificate file operation error.

I don't know what's happen.

Can you help me?

Thanks.

Regards. 

DELL-Chris H

Moderator

 • 

8.6K  messages

24 juin 2024 20:11

PseudoAuHasard,

 

To start, would you verify if you are doing this from within Global Configuration Mode? Also, would you confirm that your CA follows the guidelines laid out on page 1047 here?

 

Let me know what you see and if this helps.

 

 

PseudoAuHasard

1 Rookie

 • 

3  messages

25 juin 2024 07:17

Hello,

Thank you for your answer.

Yes i m in global configuration mode (no conf term). I m using completion to be sure to use good syntax.

I don't know if my certificate follows guideline because  i tried on a S4112F-ON  and on a S4128F-ON with this command : 

crypto ca-cert install trusted-host

% Error: Unable to validate trusted-host certificate file -
Trusted host certificate has CA flag set to TRUE

This is my own CA. 

In guideline : 

The system checks if “CA:TRUE” is specified in the certificate’s extensions section and the keyCertSign bit (bit 5)
is set in the KeyUsage bit string extension. If these extensions are not set, the system does not install the certificate.

This is OK for my certificate.  

I don't know what is happening. I can upload this CAcert in procurve and aruba switches.

Thanks for help.

Regards.

DELL-Marco B

Moderator

 • 

3.5K  messages

25 juin 2024 14:48

Hello,

some information about certificate online here

Troubleshooting Certificate Chain Issues Required for OpenManage Enterprise Migration | Dell US

 

Also which OS version of the switch?

Thanks

PseudoAuHasard

1 Rookie

 • 

3  messages

25 juin 2024 15:19

Hello,

For S3148  : 

S3148#show version
Dell EMC Real Time Operating System Software
Dell EMC Operating System Version:  2.0
Dell EMC Application Software Version:  9.14(2.21)
Copyright (c) 1999-2021 by Dell Inc. or its subsidiaries. All Rights Reserved.
Build Time: Mon Oct  2 11:53:10 2023
Build Path: /neteng/build/clones/coveritybuild-eqx-04/build/build02/SW/SRC
Dell EMC Networking OS uptime is 4 day(s), 0 hour(s), 53 minute(s)

System image file is "system://B"

System Type: S3148
Control Processor: Broadcom 56340 (ver A0) with 2 Gbytes (2147483648 bytes) of memory, core(s) 1.

1G bytes of boot flash memory.

  2 52-port GE/TE (S3100)
 96 GigabitEthernet/IEEE 802.3 interface(s)
  8 Ten GigabitEthernet/IEEE 802.3 interface(s)

I do not have problem with certificate chain but directly with our CA wich cannot be uploaded. I will check your link but unfortunately i don't think it will help.

Thanks to you. Regards.

DELL-Chris H

Moderator

 • 

8.6K  messages

25 juin 2024 16:44

In my opinion it looks like you're doing everything correctly so i am not sure why it isn't working beyond it being the CA itself causing the issue.

 

 

 

Voir plus

Tout afficher

Aucun événement trouvé !

Top